test: make Settings construction hermetic in security header tests

Use _env_file=None and explicit base_url so tests don't depend on
global env vars or .env file loading.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hugh Brown
2026-03-04 13:42:35 -07:00
committed by Abhimanyu Saharan
parent 6af02f6b75
commit bafc736e03


@@ -390,23 +390,29 @@ class TestPromptInjectionSanitization:
class TestSecurityHeaderDefaults:
"""Tests for sensible security header defaults."""
_HERMETIC_SETTINGS = {
"_env_file": None,
"auth_mode": "local",
"local_auth_token": "x" * 50,
"base_url": "http://localhost:8000",
}
def test_config_has_nosniff_default(self) -> None:
from app.core.config import Settings
# Create a settings instance with minimal required fields
s = Settings(auth_mode="local", local_auth_token="x" * 50)
s = Settings(**self._HERMETIC_SETTINGS)
assert s.security_header_x_content_type_options == "nosniff"
def test_config_has_deny_default(self) -> None:
from app.core.config import Settings
s = Settings(auth_mode="local", local_auth_token="x" * 50)
s = Settings(**self._HERMETIC_SETTINGS)
assert s.security_header_x_frame_options == "DENY"
def test_config_has_referrer_policy_default(self) -> None:
from app.core.config import Settings
s = Settings(auth_mode="local", local_auth_token="x" * 50)
s = Settings(**self._HERMETIC_SETTINGS)
assert s.security_header_referrer_policy == "strict-origin-when-cross-origin"
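Review bot: The three assertions in TestSecurityHeaderDefaults read `security_header_*` fields that `_HERMETIC_SETTINGS` does not pin, so if Settings is a pydantic-settings class (its definition is not shown here), `_env_file=None` only skips .env loading and a process environment variable for one of those fields would still override the default. The tests are then less hermetic than the commit message states, and a regressed header default could go unnoticed wherever the environment happens to set the expected value. Consider clearing the matching variables before constructing Settings, e.g. `monkeypatch.delenv("<ENV_NAME_FOR_X_FRAME_OPTIONS>", raising=False)`, where the real name depends on the Settings env prefix. A comment above `_HERMETIC_SETTINGS` such as `# Init kwargs outrank env vars; _env_file=None skips .env loading.` would also record which inputs the dict actually isolates.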